Data Security Requirements for Tax Preparers
If you are in the majority of taxpayers who use a professional tax preparer, you benefit from the efforts of the IRS and the Federal Trade Commission (FTC) to protect your personal tax information. In IR-2019-131 the IRS offered tips to tax preparers on ways to safeguard client information.
"Protecting taxpayer data is not only a good business practice, it is the law for professional tax preparers," IRS Commissioner Chuck Rettig stated. "Creating and putting into action a written data security plan is critical to protecting your clients and protecting your business."
The FTC requires all tax preparers to comply with the "Safeguards Rule." While the scope and complexity of a plan will relate to the size of the tax preparation organization, all tax preparers must have a written data security plan.
The plan must include the following five components:
- Security Coordinator A named employee must be in charge of the data security program.
- Risk Assessment The Security Coordinator must review all procedures for data security. This may include firewalls, anti-virus software, data encryption policies and a review of individuals who have access to servers and data.
- Safeguards Program The Security Coordinator must periodically analyze the system and ensure that the operating systems, firewall and anti-virus software updates have been completed. Many data breaches have occurred because an operating system, firewall or anti-virus software update was not installed.
- Review of Service Providers Many tax preparers use software or servers maintained by third parties. The Security Coordinator must review the data safety plans of outside providers.
- Security Evaluation Data security is an ongoing program. The Security Coordinator must periodically review the overall security plan and make updates as needed.